Wednesday, February 14, 2007

Cyber Crime

The near-continuous hum of concern in the media about identity theft has always made me wonder about the logistics of that kind of criminal activity. How do the ten thousand Social Security numbers on the government laptop lost by some idiot bureaucrat make their way into the hands of the criminals? Turns out, in much the same way any information gets sold these days, from sports scores and stock prices to software applications and naughty pictures - networks, the web, commodification, entrepreneurs. This long but engrossing article in Information Week covers the basics.

Hacking isn't a kid's game anymore. It's big business. Online black markets are flush with stolen credit card data, driver's license numbers, and malware, the programs that let hackers exploit the security weaknesses of commercial software. Cybercriminals have become an organized bunch; they use peer-to-peer payment systems just like they're buying and selling on eBay, and they're not afraid to work together.

While the independent hacker still exists (pardon us, but in this story, we'll refer to "hacker" in the layman's sense), the FBI sees true organized crime in parts of the hacking community, particularly in Eastern Europe, says special agent Chris Stangl, who works in the bureau's cybercrime division, the agency's third largest behind counter-terrorism and intelligence. "You'll have hackers cracking the machines, individuals collecting the data, and individuals selling for profit," Stangl says.

Getting a clear picture of the hacker economy isn't easy. It's a murky underground about which few people are willing to talk on the record. But the general outlines can be gleaned from inside and outside sources.
(A good companion piece is the recent article in Wired on "botnet" attacks, in which cyber-criminals use software robots to commandeer and control PCs and servers and use them for all manner of nefarious ends.)